Hi,
I have MT ccr1036 switch, and would like to define two vlans (vlan10 on eth7 and vlan20 on eth6) to same subnet.
Also I need to use the same DHCP server with one address poll for both vlan10 and vlan20.
I wonder is it possible?
You can’t have the same subnet assigned to multiple interfaces on the mikrotik. What you can do is to bridge the two interfaces and assign the addresses to the bridge… Does that make sense?..
e.g.
/interface bridge
add name=mybridge
/interface bridge port
add interface=vlan10 bridge=mybridge
add interface=vlan20 bridge=mybridge
/ip address
add address=10.0.0.1/24 interface=mybridgeAlthough that does kind of defeat the idea of a VLAN…
Thanks for reply efaden,
I have unsigned packets from eth7 which need to be assigned to vlan10. The same with eth6 and vlan20.
I have tried to create bridge1 with ports vlan10 and eth7, bridge2 with ports vlan20 and eth6. But I can’t assign the same subnet for both bridges as you just confirmed. If I will bridge all ports to one bridge, I will not be able to tag specific ports with different vlans?
Cisco allow to have Multiple VLANS in the same subnet
As I understand, this is not possible with mikrotik?
I’ll have to think about it. You “may” be able to do something like that by using the features of the switch chip, but I’m not positive. The other problem is I don’t know which of those features exist on the CCR and I don’t have one to test with.
To make sure I get it …
You want to take untagged traffic from eth6 and tag it with VLAN20 on 10.0.0.1/27… untagged traffic from eth7 and tag it with VLAN10 on 10.0.0.2/27… then you want to make a trunk on eth3?..
You could do something like this…
/interface bridge
add name=mybridge
/interface vlan
add name=vlan20 interface=ether3
add name=vlan10 interface=ether3
/interface bridge port
add bridge=mybridge interface=ether6
add bridge=mybridge interface=ether7
add bridge=mybridge interface=vlan10
add bridge=mybridge interface=vlan20
/ip address
add interface=mybridge address=10.0.0.1/27
Unfortunately CCR does not have switch chip.
Yes, exactly.
I doubt it will work, how system will know to which vlan assign packet from ether6 for example.
Anyway, I will try.
Just to make sure, its not possible to bridge two bridges together?
Its not possible to have same interface in two bridges?
If that doesn’t work post your export and I’ll take a look. I can explain when I get back on a computer
Sent from my SCH-I545 using Tapatalk
Do you have a specific Cisco config that you are trying to recreate? I suspect that you want to use one bridge and then use the horizon settings on the bridge ports to control the forwarding, however that has certain specific consequences which may or may not work for you depending on your overall goals.
See:
http://wiki.mikrotik.com/wiki/MPLSVPLS#Split_horizon_bridging
Yes, I know about this feature. Basically, packets received on a bridge port with a particular non-zero horizon value will not be forwarded out ports with the same non-zero horizon value. As I understand this is could be useful for isolating multiple vlans in the same bridge. My goal is to tag specific ports to specific vlans in the same bridge.
I have tried to test this setup, but need help. I cant manage to debug my setup to show packets vlan id.
I have used this example to enable bridge logging:
/interface bridge filter add chain=input action=log disabled=no
Pinging from eth6 (vlan10) to ether7 (vlan20), but cant see vlan ID in the logs.
Tried torch with Vlan ID collection option, but I see only untagged packets. Do I miss something fundamental?
Testing such a simple config for a moment:
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] name=sfp1
set [ find default-name=sfp-sfpplus2 ] name=sfp2
set [ find default-name=ether1 ] name=eth1-public comment=Public1
set [ find default-name=ether2 ] name=eth2-public comment=Public2
set [ find default-name=ether3 ] name=eth3 comment=“Bond to sfp1”
set [ find default-name=ether4 ] name=eth4 comment=“Bond to sfp2”
set [ find default-name=ether5 ] name=eth5 comment=DMZ
set [ find default-name=ether6 ] name=eth6 comment=Wireless
set [ find default-name=ether7 ] name=eth7 comment=Wired speed=1Gbps
set [ find default-name=ether8 ] name=eth8 comment=Wired
/interface bonding
add comment=Trunk mode=active-backup name=sfp1-bond primary=sfp1 slaves=
sfp1,eth3
add comment=DMZ mode=active-backup name=sfp2-bond primary=sfp2 slaves=
sfp2,eth4
/interface vlan
add interface=sfp1-bond name=vlan10 vlan-id=10
add interface=sfp1-bond name=vlan20 vlan-id=20
add interface=sfp1-bond name=vlan30 vlan-id=30
/interface bridge
add l2mtu=1590 name=mybridge
add l2mtu=1590 name=mybridge2
/interface bridge port
add bridge=mybridge interface=eth6 path-cost=4
add bridge=mybridge interface=vlan10 path-cost=2
add bridge=mybridge2 interface=vlan20 path-cost=2
add bridge=mybridge2 interface=eth7 path-cost=4
/ip pool
add name=dhcp-br-Wired ranges=10.0.0.11-10.0.0.29
add name=dhcp-br-Wired2 ranges=10.1.0.11-10.1.0.29
/ip dhcp-server
add address-pool=dhcp-br-Wired disabled=no interface=mybridge name=
dhcp-br-Wired
add address-pool=dhcp-br-Wired2 disabled=no interface=mybridge2 name=
dhcp-br-Wired2This is my first Mikrotik device, and I have it only for one week.
You actually won’t see the VLAN on the pings… since eth6 and eth7 are actually untagged… the packets only get tagged when they leave on eth3. Inside of the mikrotik they are untagged.
… so if you control which of the VLAN virtual interfaces the bridge will forward Ether interface frames to you can control which “VLAN” the traffic appears from at the other end of the trunk.
e.g. if Ether 6 and VLAN 10 have the same horizon then the Ether 6 traffic will only appear on VLAN 20.
Of course this would result in not all hosts on the subnet being able to see each other which is normally a bad idea.
I suspect that you are trying to emulate a Cisco switch but in terms of VLAN implementation RouterOS is more like a Cisco router,
I don’t think the horizon feature would work 100% here…
Since he basically has 4 ports he wants to bridge… ether6/ether7/vlan10/vlan20, but only really wants traffic from ether6 to vlan20 and ether7 to vlan10… using the split horizon feature with the assignments
ether6 & vlan10 - Horizon 1
ether7 & vlan20 - Horizon 2
would yield ether6 traffic going to ether7 and vlan20 and ether7 traffic going to vlan10 and ether6… which wouldn’t isolate ether6 and ether7…
CelticComms: do you agree?
You are right, I am trying to replicate existing setup on Cisco device, we will need to interconnect two branches with L2TP/IPSec tunnel.
And I think efaden is right, this will not work in my situation.
I had brought home only one router, and my PC NIC driver does not support vlans. Tomorrow I will test faden earlier posted solution and will report back.
I looked at the link above to the Cisco setup. It refers to the situation of having restricted public IPs and using the method to arrange multiple VLANs without having multiple subnets.
Split horizon would not isolate the Ether ports so if that is desired you could perhaps use multiple bridge filters to control the forwarding in the desired pattern
Are you doing this on public or RFC 1918 addresses?
At last, have both routers on my hands. Loaded this config on both routers, except:
Router1:
add interface=mybridge address=10.0.0.1/27Router2:
add interface=mybridge address=10.0.0.2/27I have connected two hosts to each router, and I got 100% CPU on both routers, hosts cant ping routers.
So unfortunately this does not work. Do you have more suggestion to try?
I would appreciate for simple example script.
I’m afraid I do not quite understand the question.
We have two branches. I have provided topology image of branch 1 in my first post. Both routers in this image is connected using RFC 1918 address. Addresses provided in image are actual addresses we will use. Both branches will be connected via Public IPs using L2TP/IPSec tunnel. Branch 2 has quite similar topology with identical vlan IDs but cisco hardware.
I hope I have been able to answer your questions
Sorry for my poor English, it’s my third language
Vrf?
ARBEIT ANGST KONSUMTERROR